Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability

Summary
This Remote host is installed with Trend Micro OfficeScan, which is prone to ActiveX control buffer overflow vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code. Impact Level : Application.
Solution
Upgrade to OfficeScan 10 or later, For updates refer to http://uk.trendmicro.com/uk/downloads/enterprise/index.html
Insight
The flaws are due to an error in objRemoveCtrl control, which is used to display certain properties (eg., Server, ServerIniFile etc..) and their values when it is embedded in a web page. These property values can be overflowed to cause stack based overflow.
Affected
OfficeScan 7.3 build 1343 (Patch 4) and prior on Windows (All). Trend Micro Worry-Free Business Security (WFBS) version 5.0 Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 Quick Fix: Set killbits for the following clsid's {5EFE8CB1-D095-11D1-88FC-0080C859833B} To set kill-bit refer, http://support.microsoft.com/kb/240797
References